white at alioth.debian.org
2008-Oct-01 11:25 UTC
[Secure-testing-commits] r9909 - data/CVE
Author: white
Date: 2008-10-01 11:25:41 +0000 (Wed, 01 Oct 2008)
New Revision: 9909

Modified: data/CVE/list
Log: NFUs

Modified: data/CVE/list
==================================================================--- data/CVE/list 2008-10-01 09:14:14 UTC (rev 9908) +++ data/CVE/list 2008-10-01 11:25:41 UTC (rev 9909) 
@@ -1,83 +1,83 @@ CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component ...) - TODO: check + NOT-FOR-US: Camera Life CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman ...) - TODO: check + NOT-FOR-US: Siteman CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb ...) - TODO: check + NOT-FOR-US: ParsaGostar ParsaWeb CMS CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a ...) - TODO: check + NOT-FOR-US: DESlock CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 ...) - TODO: check + NOT-FOR-US: DESlock CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...) - TODO: check + NOT-FOR-US: PowerPortal CVE-2008-4360 RESERVED CVE-2008-4359 RESERVED CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...) - TODO: check + NOT-FOR-US: SPAW Editor PHP CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows ...) - TODO: check + NOT-FOR-US: Powie pLink CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...) - TODO: check + NOT-FOR-US: Kasseler CMS CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ...) - TODO: check + NOT-FOR-US: Powie PSCRIPT Forum CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media ...) - TODO: check + NOT-FOR-US: NetArt Media iBoutique CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote ...) - TODO: check + NOT-FOR-US: Linkarity CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in ...) - TODO: check + NOT-FOR-US: phpSmartCom CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 ...) - TODO: check + NOT-FOR-US: phpSmartCom CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...) 
- TODO: check + NOT-FOR-US: vbLOGIX Tutorial Script CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) - TODO: check + NOT-FOR-US: s0nic Paranews CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio allows remote ...) - TODO: check + NOT-FOR-US: PHPortfolio CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows ...) - TODO: check + NOT-FOR-US: Powie pNews CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...) - TODO: check + NOT-FOR-US: TalkBack CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...) - TODO: check + NOT-FOR-US: WebPortal CMS CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote ...) - TODO: check + NOT-FOR-US: 6rbScript CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...) - TODO: check + NOT-FOR-US: Chilkat XML ChilkatUtil.CkData.1 ActiveX control CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX ...) - TODO: check + NOT-FOR-US: ActiveX CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: MyBlog CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Google Chrome CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in ...) - TODO: check + NOT-FOR-US: Symantec Veritas NetBackup Server CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save ...) TODO: check CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows ...) - TODO: check + NOT-FOR-US: Bitweaver CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo ...) - TODO: check + NOT-FOR-US: Atomic Photo Album CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) ...) 
- TODO: check + NOT-FOR-US: Atomic Photo Album CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: PHP infoBoard CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus ...) - TODO: check + NOT-FOR-US: PHP infoBoard CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php ...) - TODO: check + NOT-FOR-US: PHP infoBoard CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in ...) - TODO: check + NOT-FOR-US: phpOCS CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 ...) - TODO: check + NOT-FOR-US: LanSuite CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php ...) - TODO: check + NOT-FOR-US: openEngine CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 ...) - TODO: check + NOT-FOR-US: EasyRealtorPRO CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in ...) TODO: check CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...) 
@@ -85,17 +85,17 @@ CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...) TODO: check CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted ...) - TODO: check + NOT-FOR-US: Windows Explorer CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP ...) - TODO: check + NOT-FOR-US: FlashGet FTP CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...) - TODO: check + NOT-FOR-US: OpenNMS CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...) - TODO: check + NOT-FOR-US: Libra File Manager CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Observer CVE-2008-4317 RESERVED CVE-2008-4316 
@@ -129,19 +129,19 @@ CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...) TODO: check CVE-2008-4301 (A certain ActiveX control in iisext.dll in Microsoft Internet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...) TODO: check CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its ...) - TODO: check + NOT-FOR-US: Cisco Linksys WRT350N CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user ...) - TODO: check + NOT-FOR-US: IBM Tivoli Netcool/Webtop CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when ...) TODO: check CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a ...) @@ -235,17 +235,17 @@ CVE-2008-4248 RESERVED CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 ...) - TODO: check + NOT-FOR-US: Denora IRC Stats Server CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require ...) - TODO: check + NOT-FOR-US: Rianxosencabos CMS CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Rianxosencabos CMS CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) ...) TODO: check CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...) TODO: check CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows ...) - TODO: check + NOT-FOR-US: CJ Ultra Plus CVE-2008-4240 RESERVED CVE-2008-4239 
@@ -311,19 +311,19 @@ CVE-2008-4209 RESERVED CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has ...) - TODO: check + NOT-FOR-US: OSADS Alliance Database CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...) - TODO: check + NOT-FOR-US: Attachmax Dolphin CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax ...) - TODO: check + NOT-FOR-US: Attachmax Dolphin CVE-2008-4205 (SQL injection vulnerability in index.php in Attachmax Dolphin 2.1.0 ...) - TODO: check + NOT-FOR-US: Attachmax Dolphin CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...) - TODO: check + NOT-FOR-US: SoftAcid Hotel Reservation System CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and ...) - TODO: check + NOT-FOR-US: CzarNews CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...) - TODO: check + NOT-FOR-US: Gonafish LinksCaffePRO CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news ...) TODO: check CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...) @@ -339,7 +339,7 @@ CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...) TODO: check CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N ...) - TODO: check + NOT-FOR-US: Alt-N Technologies SecurityGateway CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 ...) TODO: check CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...)
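Review bot: In the first hunk (@@ -1,83 +1,83 @@), CVE-2008-4342 is tagged "NOT-FOR-US: ActiveX", which names a technology rather than the affected product. The description line identifies it as the NuMedia Soft NMS DVD Burning SDK, so the tag should read "NOT-FOR-US: NuMedia Soft NMS DVD Burning SDK". The same hunk shortens DESlock+ to DESlock for CVE-2008-4363 and CVE-2008-4362; using the product name as it appears in the description keeps the list searchable.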
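Review bot: In the @@ -85,17 +85,17 @@ hunk, CVE-2008-4322 is tagged "NOT-FOR-US: Microsoft", but its description names RealFlex Technologies Ltd. RealWin, so the tag looks carried over from a neighbouring entry. Suggest "NOT-FOR-US: RealFlex RealWin" so the triage record matches the product in the description.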
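Review bot: In the @@ -129,19 +129,19 @@ hunk, CVE-2008-4301, CVE-2008-4300, CVE-2008-4299 and CVE-2008-4295 are tagged with the vendor only ("NOT-FOR-US: Microsoft"), while CVE-2008-4323 in the previous hunk is tagged by product ("Windows Explorer"). Pick one convention for the whole commit. Naming the product from the description, for example "Microsoft Windows Mobile" for CVE-2008-4295, makes a later search of the list by product reliable.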